Summit on Education in Secure Software Final Report

Size: px
Start display at page:

Download "Summit on Education in Secure Software Final Report"

Transcription

1 Summit on Education in Secure Software Final Report Dr. Diana L. Burley The George Washington University Dr. Matt Bishop University of California, Davis GW: UCD: Report GW-CSPRI Technical Report CSE Support for this work was provided through the National Science Foundation Directorate for Computer & Information Science & Engineering and the Directorate for Education & Human Resources under Award # Opinions expressed, conclusions drawn, and recommendations provided do not necessarily reflect the views of the National Science Foundation. June 30, 2011

2

3 Summit in Secure Education: Final Report Table of Contents Executive Summary...1 Summit on Education in Secure Software...5 Background...5 Summit on Education in Secure Software...6 SESS Objectives...6 SESS Teleconference...7 Secure Programming Education: Requirements and Challenges...7 Summary of Requirements...7 Details of Requirements...8 Summary of Challenges...9 Details of Challenges...10 The Roadmaps (and Potholes)...11 The Roadmaps...12 Computer Science Students...13 Non-Computer Science Students...17 Community College Students...21 K-12 Students...24 Computer Science Professionals...27 Non-Computer Science Professionals...30 The Role of Higher Education...34 Licensure and Certification...35 Conclusion...37 Appendix A Summit Overview...41 Appendix B Organizing Discussion Questions...46 Appendix C Summit Agenda...47 Appendix D Participant List...49 Appendix E Licensure/Certification Presentation Summary...52 About the Authors...58

4

5 Summit on Education in Secure Software Final Report Dr. Diana L. Burley and Dr. Matt Bishop Executive Summary Cybersecurity risks pose some of the most serious economic and national security challenges of the 21st century. In order to meet these challenges, the software that controls critical systems and infrastructure must be reliable, robust, and able to satisfy the requirements that are placed upon it. To this end, all people involved in the development and deployment of these systems and infrastructure, from the policymakers who determine what requirements the systems must meet to the businesspeople who provide the support needed to create the systems to the architects, implementers, and operators of these systems, must understand the criticality of reliable, robust, and secure software to control these systems. The notion of trustworthy computing embodies many more facets of computing than software implementation, but poorly implemented software undermines all other aspects of trustworthy computing. Thus, a curriculum designed to meet the cybersecurity challenges of the future must integrate principles and practices of secure programming. Because of the breadth of people who will influence the creation and deployment of this software, students studying a variety of technical and non-technical disciplines must recognize the difference between software that is sufficiently robust and software that is not. To determine how best to address this need, the National Science Foundation Directorates of Computer and Information Science and Engineering (CISE) and Education and Human Resources (EHR) jointly sponsored the Summit on Education in Secure Software (SESS). The summit focused on how best to educate students and current professionals on secure programming concepts and practices, and to provide roadmaps indicating both the resources required and the problems that had to be overcome. Organized by The George Washington University and the University of California at Davis, the summit began with a teleconference on September 7, 2010 and continued with a two-day workshop in Washington, DC on October 18 and 19, SESS participants included members of academia, government, industry, professional organizations, and policy makers from both the public and private sectors. This multi-disciplinary group provided depth to identify technical challenges and breadth to identify operational constraints and opportunities. This enabled the summit participants to examine ways to advance and improve the state of education in secure software. The goal of SESS was to develop a comprehensive agenda focused on the challenges of secure software education. To meet this goal, SESS had three specific objectives. 1. To have cybersecurity stakeholders from academia, government, industry, and certification and training institutions discuss the goals of teaching secure programming and the current state of that teaching; 2. To use that discussion as the basis of a collaborative effort to suggest new approaches, and improve existing approaches, to improve the quality of that education and to enable it to reach a broader audience; and 3. To outline a comprehensive agenda for secure software education that includes objectives for different audiences, teaching methods, resources needed, and problems that are foreseen to arise. Summit on Education and Secure Software Final Report 1

6 Summary of the Findings The findings are presented in the form of road maps for constituent groups that describe ways to improve the state of education in secure programming. The road maps explain what the members of the constituent group should know, various methods by which they might be educated, and what resources will be necessary to achieve that level of education. The road maps also identify expected and possible challenges to meeting these goals the potholes. Each roadmap concludes with specific recommendations for meeting the articulated educational goals. Although presented as separate road maps, one for each constituent audience (computer science students; non-computer science students; community college students; K-12 students; computer science professionals; and non-computer science professionals), the roadmaps should be considered as different views of a unified educational program that spans kindergarten through professional development, and audiences ranging from software developers to those who focus on management, policy and use to ordinary computer users. Thus, the educational goals in the road maps should be considered the core fundamental end points to be reached through instruction guided by a secure programming curriculum. Overall, SESS participants asserted that secure programming must be considered within the context of the system design and deployment process. They highlighted 6 critical points that students of secure programming should know: 1. Understanding security, especially during design, requires a holistic approach; 2. Understanding and being able to identify common and emerging attack vectors is a critical component of security; 3. Well-tested principles and frameworks of software development can inhibit attacks; 4. All frameworks have weaknesses and subtleties; 5. Part of secure programming is using strategic approaches to overcome these weaknesses; and 6. Users of tools that aid in secure programming must know how to use those tools, and understand their limitations. Summary of the Recommendations Several themes emerged from the recommendations of the individual roadmaps. The ten recommendations below provide a starting point for stakeholders across constituent groups to begin to transform education in secure software. 1. Increase the number of faculty who understand the importance of secure programming principles, and will require students to practice them. 2. Provide faculty support for the inclusion of security content in existing courses through clinics, labs, and other curricular resources. 3. Establish professional development opportunities for college faculty, non-computer science professionals, and K-12 educators to heighten their awareness and understanding of secure programming principles. 4. Integrate computer security content into existing technical (e.g. programming) and nontechnical (e.g. English) courses to reach students across a variety of disciplines. Summit on Education and Secure Software Final Report 2

7 5. Require at least one computer security course for all college students: a. For CS students focus on technical topics such as how to apply the principles of secure design to a variety of applications. b. For non-cs students focus on raising awareness of basic ideas of computer security. 6. Encourage partnerships and collaborative curriculum development that leverages industry and government needs, resources, and tools. 7. Promote collaborative problem solving and solution sharing across organizational (e.g. corporate) boundaries. 8. Use innovative teaching methods to strengthen the foundation of computer security knowledge across a variety of student constituencies. 9. Develop metrics to assess progress toward meeting the educational goals specified in the roadmaps presented in this document. 10. Highlight the role that computer security professionals should play in key business decision-making processes. Conclusion A holistic view of secure software education suggests that programmers and non-programmers alike must be educated in the core principles and practices of secure software design. A paradigmatic shift that adjusts the current emphasis from students as customers to society as customers will support holistic and comprehensive curricular reform. In order to achieve this level of transformation in the underlying educational system, SESS participants identified several structural enablers that must be considered. Although not explored in detailed during this event, we suggest that topics such as: the cultural shift among faculty and industry stakeholders that supports the development of a holistic view of software security; the identification of measurable objectives and corresponding measurement methods; the development of national licensure programs; and the alignment of expectations for university education and realistic constraints in the system; should be the focus of follow-up efforts. Summit on Education and Secure Software Final Report 3

8 Summit on Education and Secure Software Final Report 4

9 Summit on Education in Secure Software We... [have a] desperate shortage of people who can design secure systems, write safe computer code, and create the ever more sophisticated tools needed to prevent, detect, mitigate and reconstitute from damage due to system failures and malicious acts. 1 The term secure programming is a misnomer. By rights, it should refer to programming designed to satisfy a specified security policy the definition of secure, after all, is satisfying a security policy. 2 But the term is used more broadly to refer to programming designed to prevent problems that might cause security breaches. This style of programming deals with common programming errors (such as failing to check that the size of an input is no greater than the size of where it is to be stored), and should more properly be called robust programming. 3 Taking this more comprehensive view of secure programming, the Summit on Education in Secure Software (SESS) examined the questions of what should be taught in our nation's educational programs about secure programming to various constituencies of students, and what would be required to do so. The constituencies of students include computer science students, programmers, and non-technical students at the levels of post-secondary education, and secondary education. This report provides the background for the workshop, the workshop's goals, its organization, and key findings. Background President Obama has stated that recruiting and retaining cybersecurity professionals is a national security priority. 4 Almost every facet of society relies upon computer systems and infrastructure; indeed, that infrastructure provides critical support for the global economy, civil infrastructure such as power grids and other mechanisms for distributing utilities, and public safety. This led Mr. Obama to assert that cybersecurity risks pose some of the most serious economic and national security challenges of the 21st century. 5 In order to meet these challenges, the software that controls these systems and infrastructure must be reliable, robust, and able to satisfy the requirements that are placed upon it. To this end, all people involved in the development and deployment of these systems and infrastructure, from the policymakers who determine what requirements the systems must meet to the businesspeople who provide the support needed to create the systems to the architects of the systems to their implementers, operators, and support personnel, must understand something about what constitutes software that will control these systems. The notion of trustworthy computing embodies many more facets of computing than software implementation, but poorly implemented software undermines other aspects of trustworthy computing. 1 K. Evans and F. Reeder. A Human Capital Crisis in Cybersecurity. Center for Strategic and International Studies. Washington, DC (2010). MA (2003) p See, for example, M. Bishop, Computer Security: Art and Science, Addison-Wesley Professional. Boston, 3 Throughout the rest of this document, we use secure to conform to the more common usage. We are, however, speaking of teaching robust coding to anticipate and avoid problems (which we may not yet know about) brought on by fragile (non-robust) programming Cyberspace Policy Review: Assuring a Trusted & Resilient Information & Communication Infrastructure: 5 Ibid Summit on Education and Secure Software Final Report 5

10 Thus, principles of secure programming must be integrated into a curriculum designed to meet the cyber security challenges of the future. Because of the breadth of people who will affect, or be affected by, software, understanding the difference between software that is sufficiently robust to avoid common programming errors and software that is not robust is critical to a variety of disciplines, both technical and non-technical. The most appropriate method for teaching this material, and more importantly what resources are necessary to teach it, has not been well explored. Summit on Education in Secure Software In response to this challenge, the National Science Foundation Directorates of Computer and Information Science and Engineering (CISE) and Education and Human Resources (EHR) jointly sponsored the Summit on Education in Secure Software. The focus of the summit was on how best to educate both students and current professionals on secure programming concepts and practices, and to provide roadmaps indicating both the resources required and the problems that had to be overcome. Organized by The George Washington University and the University of California at Davis, the summit began with a teleconference on September 7, 2010 and continued with a two-day event held in Washington, DC on October 18 and 19, The SESS overview document is included as Appendix A, the organizing questions are given in Appendix B, and the agenda is presented in Appendix C. SESS participants included representatives from academia and professional organizations across the public and private sectors as well as policy makers and government representatives. This multidisciplinary group brought the needed depth (to identify technical challenges) and breadth (to identify operational constraints and opportunities) to enable the summit to find ways to advance and improve the current state of education in secure software. Appendix D lists the participants in the SESS. SESS Objectives The high-level goal of the SESS was to develop a comprehensive agenda focused on the challenges of secure software education. This challenge arises within the context of student education and professional development and training, and is aggravated by curricular and faculty constraints. Additionally, the need to measure attainment in a meaningful, useful way complicates the problem. The SESS had three objectives: 1. To have cyber security stakeholders from academia, government, industry, and certification and training institutions discuss the goals of teaching secure programming and the current state of that teaching; 2. To use that discussion as the basis of a collaborative effort to develop new approaches, and improve existing approaches, to improve the quality of that education and to enable it to reach a broader audience; and 3. To outline a comprehensive agenda for secure software education that includes methods, resources needed, and problems that are foreseen to arise. To achieve these objectives, the summit combined activities designed to gather, synthesize, and disseminate insights that enhance the education of students in secure software. A key consideration was capturing what the implementation of those plans would require. We began by posing a set of organizing discussion questions (shown in Appendix A), and asking participants to discuss them using a social networking website before the preliminary teleconference and the actual summit meeting. Summit on Education and Secure Software Final Report 6

11 SESS Teleconference Before the summit meeting in Washington DC, invitees participated in a teleconference. This began as a plenum session, and then the group split into three small discussion groups, one each focusing on academia, industry, and government and others. The goal was to develop a preliminary view of the requirements and challenges of teaching secure programming from the perspectives of each of the three groups. The requirements and challenges are discussed in the next section. A common, key theme emerging from the discussions is that any successful approach to teaching secure programming will have to address concerns within and among the sectors. Secure Programming Education: Requirements and Challenges This section of the report provides summaries and detailed listings of the requirements and challenges (see Tables 1 and 2). The members of the groups identified some requirements and challenges critical, and in some cases multiple groups identified the same requirements and challenges. These are highlighted (bold, underlined) in each table. The requirements and challenges were used to seed the development of the roadmaps. Summary of Requirements Distinct themes emerged from the group discussions. The academic and industry groups emphasized the importance of educating students about why robust, secure code is critical to security, and (where appropriate) about how to write secure code. They also pointed out the need to be able to critique code, to identify non-robust practices and security vulnerabilities in both other people's and their own code. This includes knowing how to test code. Industry participants focused on peer review as an important element of analysis, and academic participants focused on teaching approaches and frameworks that would provide the tools to do the analysis. Government participants presented the need to recognize the possible security problems of foreign code and the consequences that might result from the integration of code drawn from multiple sources. All groups noted that secure programming must be considered within the context of the full system design and deployment process. The requirements discussion highlighted 6 critical points that students of secure programming should know: 1. Understanding security, especially during design, requires a holistic approach; 2. Understanding and being able to identify common and emerging attack vectors is a critical component of security; 3. Well-tested principles and frameworks of software development can inhibit attacks; 4. All frameworks have weaknesses and subtleties; 5. Part of secure programming is using strategic approaches to overcome these weaknesses; and 6. Users of tools that enhance secure programming must know how to use those tools, and understand their limitations. Summit on Education and Secure Software Final Report 7

12 Details of Requirements Table 1 shows the requirements for secure programming based on the perspectives of each sector, and highlights the requirements that cross multiple sectors. Identified Requirements for Secure Academic Industry Government Programming Education Importance of writing secure, robust programs X X X Security is not just about coding it is the entire design and deployment process. X X X Understand that code is international, and that your code may interact with foreign code in unanticipated ways. Common attack vectors, and perpetual emergence of new vectors. Know, and be committed to using best practices, at all times. Well-tested principles and frameworks for creating secure programs. Edge cases and how to test for them. The importance of peer review. Weaknesses and subtleties in the frameworks and approaches to overcoming them. The cost of finding bugs and security flaws at various stages of the design process and after deployment. How to use tools to test their designs. The security vulnerabilities of specific computer languages. Understand what exploits are being used, and how to defend against them. X X X X X X X X X X X X Table 1: Requirements for Secure Programming Education Identified by Sector Summit on Education and Secure Software Final Report 8

13 Summary of Challenges The challenges to teaching secure programming for each of the groups proved quite different. The academic participants focused on the challenges related to faculty. Developing faculty skills in security, especially secure programming, and understanding the significance of secure programming is particularly important. Once these skills are developed, the next challenge is to identify effective methods for those faculty members to maintain a current knowledge-base, and to ensure that they learn accurate, realistic and timely scenarios, and are able to communicate them to students. Industry participants expounded the need to convey the criticality of data integrity and migration strategies. Like the academic participants, they felt that ensuring faculty taught, and students saw, accurate, realistic scenarios, was critical to learning secure programming. Government (and other) participants highlighted the challenges of understanding the risks associated with highly interconnected systems. Among the complications were connections across sector boundaries, national boundaries, and cultural boundaries. A second, equally important, challenge is mitigating those risks. These challenges were consistent with the requirements that emerged from the government (and other) groups. Summit on Education and Secure Software Final Report 9

14 Details of Challenges Table 2 shows the challenges for secure programming based on the perspectives of each sector, and highlights the challenges that cross multiple sectors. Identified Challenges for Secure Programming Education Developing faculty skills in security, especially secure programming, and understanding the importance of secure programming. Teaching materials that are suitable and continuously up-to-date. Aligning concepts with student abilities. Finding room (and proper placement) in the curriculum for security topics. Academic Industry Government X X X X X X X Organizing secure coding rules into a coherent framework. X X Licensing and NDA restrictions. X X Helping individuals understand the threats posed by the Internet and interconnected systems. X X Conveying accurate information about the threat environment; including accurate simulations of attack-defend incidents. Designing systems with the concept of least privilege in mind. Assisting with sensible & informed risk management decisions in light of interconnected systems. Researching and testing best practice tools and techniques. Ensuring that mitigation strategies are incorporated in the design process. Ensuring sufficient system tests and evaluations before deployment. X X X X X X Table 2: Challenges for Secure Programming Education Identified by Sector Summit on Education and Secure Software Final Report 10

15 The Roadmaps (and Potholes) A goal of the summit was to develop road maps that describe ways to improve the state of education in secure programming. The road maps explain what the students should know, various methods by which they might be educated, and what resources will be necessary to achieve that level of education. The road maps also identify expected and possible challenges to meeting these goals the potholes. The summit used small working group sessions and plenary discussions to achieve this end. The first day began with a plenary session with presentations from an academic (Matt Bishop, University of California at Davis), a non-government practitioner (Alan Paller, SANS), and a government practitioner (Dickie George, National Security Agency). At lunch, the participants heard about models of education from the medical and legal professions. Then the workshop separated into three groups corresponding to the ones in the teleconference, and discussed how to improve the state of education in secure programming. At dinner, deans from several schools addressed the topic of the role of higher education. On the second day, a professor of education (Melissa Dark, Associate Dean of the Purdue University College of Technology) addressed the group, discussing how to design a curriculum for secure programming. The workshop then split into numerous subgroups, focusing on the intended audiences for the education: computer science students, non-computer science students, community college students, K- 12 students, computer science professionals, and non-computer science professionals. The day concluded with an afternoon plenary in which plans for developing a comprehensive agenda were discussed. Although presented as separate guides, one for each constituent audience, the road maps should be considered as different views of a unified educational program that spans kindergarten through professional development, and audiences ranging from software developers to those who focus on management, policy and use to ordinary computer users. Thus, the educational goals in the road maps should be considered the core fundamental end points to be reached through instruction guided by a secure programming curriculum. Professor Dark eloquently argued that educational goals must consider both curriculum (what you teach) and instruction (how you teach). Curriculum identifies the desired results of the education, as well as suggesting specific evidence to determine whether those results are met, and planning how to teach the students to ensure they reach those results. According to Prof. Dark, the development of educational goals should take into account Bloom s Taxonomy of Learning, which posits three interrelated dimensions of learning (e.g. cognitive, affective, and psychomotor). This complex learning process requires interdisciplinary assessment tools. For example, the Forced Concept Inventory (FCI), a mechanism commonly used in disciplines such as English, can reveal declarative, conceptual, procedural, principle, and problem solving skills. As such, it allows us to know what the students know and can help us understand student needs in a holistic way. Using this approach to design and implement a secure programming education that effectively engages the minds, experiences, and education of novices and experts, can help identify student needs, and match them to appropriate teaching methods and educational venues. Summit on Education and Secure Software Final Report 11

16 Box 1. Building a Securing Programming System Melissa Dark, Associate Dean, College of Technology, Purdue University Educational goals must consider both curriculum (what you teach) and instruction (how you teach). Curriculum provides the opportunity to identify desired results, which help determine acceptable evidence, and plan the learning experience. This approach to building a securing programming system, that more effectively separates the minds, experiences, and education of novices and experts, can aid in the identification and matching of student needs to appropriate teaching methods and educational venues. The Road Maps The remainder of this report contains the road maps developed by the workshop participants for each of the constituent groups. The road maps are the collective response to the first two organizing questions: What should be taught? What resources are required to properly teach these concepts? They are presented in the following order: Computer science students; Non-computer science students; Community college students; K-12 students; Computer science professionals; and Non-computer science professionals. All activities, whether related to faculty development or curricular additions, will require money. The report does not specify how much money is required because this will depend upon the precise plans developed, the institutions and people involved in the execution of the plans, and a host of other factors. So, readers should take this as a given. The roadmaps discuss non-financial resources that meeting the educational goals will require. The potholes are the challenges associated with teaching the concepts and acquiring the necessary resources. Each roadmap begins by defining the constituent group. It then presents the educational goals, required resources and associated potholes. Each roadmap ends with a recommendation for action. Individually, the roadmaps provide specific guides for each constituent group. Collectively, they provide a series of recommended steps to develop a system of secure software education that addresses both overlapping and divergent needs of the constituent groups. Summit on Education and Secure Software Final Report 12

17 The Roadmap: Computer Science Students Who are they? Summit participants defined computer science students as all students majoring in computer science or computer engineering. The Roadmap All computer science majors require students to know how to program. The ideas developed by the participants of this group build upon that observation. All students should understand the very basics of security, for example being able to discuss the meaning of confidentiality, integrity, availability, privacy, separation of duties, layering of security mechanisms (also called defense in depth, and the idea of least privilege, even if their primary focus is not systems or software. A general-purpose computer security course is an appropriate way to cover this material. Opinions differed on whether the course should be in the first two or last two undergraduate years. All students should understand the role of security in design as well as implementation. This includes common patterns used to improve security. As was noted in the working group, this is really just good design. Part of this, is understanding what can happen if one does not apply the tools and techniques to identify and resolve potential problems. This also should be discussed, including not only technical issues such as corruption of data and resources but also the non-technical, and often intangible, consequences such as loss of money, customer trust, and damage to reputation. The material the students learn should be grounded in problems and practices found in industry and government. In particular, the security issues raised should reflect the real world as well as teach principles. Usability is a part of this, because security problems often arise when systems and programs are so complex that users, and more importantly system administrators who install and configure these, make mistakes that open the system, site, and organization to attack. The security lessons need to be integrated into courses that are not primarily security-related. For example, in software engineering courses, security could be framed as a necessary component of software quality. In this way, raising the security implications arising from decisions at each stage of the life cycle would make the students more aware of and sensitive to security considerations. In particular, the various aspects of input validation, the inadequacy of which is currently a critical problem, could be integrated into all courses that require programming. Most computer science textbooks ignore problems of security, or mention them in passing; they do not explicitly include security considerations in design or implementation. Such considerations should at least be mentioned in design; examples of code should embody these principles in practice. One way to do this would be to work with textbook authors to ensure that the example programs and system designs include security considerations, including the application of secure programming techniques. An alternative is to develop supplements to widely used textbooks that expand upon the application of security principles to the subject matter in the textbook, in a way that integrates with the textbook. More general supplementary lab books could achieve the same effect, but the instructor would have to integrate the material into the course curriculum rather than treating it as simply a part of the text. Students need to be able to assess existing programs and systems, and be able to work with other people s code. For example, most academic programs are relatively small, and students write them either alone or in small groups. But non-academic projects are typically large and complex, and teams of Summit on Education and Secure Software Final Report 13

18 programmers work together to develop them. This means that programmers spend much of their time reading and modifying other people's code. Because of the security implications of making such changes and integrating back into the code base, students should know how to analyze existing code as well as develop secure code. To support their learning how to assess programs, students should have resources available to assess their own programs. Tools and other technologies will help meet this need. Source code review tools and testing tools will cover the back end, but at the front, the use of languages and integrated development environments (IDEs) that restrict the ability of the programmer/student to create non-secure programming constructs is also helpful. Care must be used, though, because requiring students to use a programming language designed for security in all classes will severely impact their ability to use the languages that are common in industry. The problem is not merely that they will be inexperienced in those languages. More importantly, they will not know how to write secure code in those languages because the language and IDEs they use will not require them to apply the principles of secure programming on their own, and thus inhibit their familiarity with the practice of those principles. Perhaps more valuable than tools is human assessment--someone who can review programs and point out examples of (potential) problems, so the student can then learn how to do so themselves. From such interactions, the student will learn how to do assessments the practice rather than the theory (which can be taught in regular classes). The idea of a secure programming clinic, which would function much as a writing clinic and writing support systems do in law schools and other departments, was discussed, but concerns were raised about its scalability. One way to force this upon students is to give students (or teams of students) an assignment, and later in the term require them to extend the programs. However, for the extension, each student (or team) is given another student s (team s) program, or a poorly written, uncommented program from a standard repository. This very quickly teaches students the need to write good, clear code and as a side benefit, it also encourages good documentation. Concerns focused on teaching secure programming. Participants noted that graduate students would be needed, both to work with students in doing assessments and to grade assignments (in their roles as teaching assistants). Unfortunately, the participants felt that few graduate students have the skills and experience in secure programming to do this. Worse, many faculty either do not have the skills, or do not believe that students need to continuously use secure programming techniques (because they are ancillary to the material in that particular course), or both. Participants agreed that a major problem is to raise awareness of the need to know something about security in general and secure programming in particular. One suggestion was that those who are trying to hire graduating students (and interns) should put in their job descriptions a statement of what the job requires with respect to security, such as a basic knowledge of it or the ability to apply the principles of secure programming when writing and/or analyzing code. This would be something industry and government could do to make faculty in particular and academia in general believe that security, and knowing how to write secure programs, is important. Summary Educational Goals Students should understand the basics of security Students should understand the role of security in design as well as implementation. Summit on Education and Secure Software Final Report 14

19 Students should know about security issues, problems, and methods currently used in industry and government, and how those expand upon basic security principles. Students should understand the basics of usability, especially how a failure to take into account the user when designing interfaces can create or exacerbate security problems. Students should be able to assess code written by others. Students should have experience working on large projects, and in particular gain experience in using a source code control system. Students should be able to identify and question assumptions that relate to security, especially when those assumptions affect coding style and program structure and implementation. This will teach them how to think like an attacker. Teaching Methods All students should take a general-purpose computer security course that covers the basic ideas and principles of security. Classes should teach good program design in the particular area of the class. This also includes the principles and practice of secure programming. Use real world examples to teach the importance of, and the need for, practicing secure programming techniques. Create a repository of fragile, uncommented, non-secure programs and modules for use in exercises teaching students how to analyze, and how to harden, existing code. Create a repository of real world examples to teach the importance of, and the need for, practicing secure programming techniques. Have students use a source code control system for all their programs. Have students use commercially available tools to find potential problems in programs. Require students to work on programs in teams. Have students critique programs and designs in textbooks and other repositories for potential security problems, including a failure to apply principles of secure programming. Use widely available lists of vulnerabilities and compromises to demonstrate basic principles of security. Provide both tools and assistance for students in assessing code. This will give them hands-on experience in doing assessments. Resource Requirements Graduate students who know security and secure programming to help grade programs and help students learn to assess code. Currently, most graduate students lack this knowledge, so they would need to be taught this. Summit on Education and Secure Software Final Report 15

20 Support for clinics and hands-on laboratories, especially people, space, and equipment. Tools and other material used in industry. A means to learn what currently are the problems that institutions are facing with respect to poor coding; what are the most troublesome vulnerabilities, what are the currently used practices, and so forth. Potholes/Challenges Lack of students to support mentoring in assessments of programs; this includes grading programs in all classes using secure programming criteria. Limited space in the curriculum to add new courses or new content to existing courses. The lack of faculty who know, understand, and apply secure programming techniques, and will require students to use them in non-security related assignments. Motivating faculty to include security content to their curriculum. The slow pace of change in academia. Finding textbooks that include secure programming considerations, especially at the beginning programming level. Getting those who hire students to write the need for a basic knowledge of security into their job descriptions. Getting material support from industry and government, in the form of tools and information to guide the faculty in teaching students this material. Recommendations Take steps to increase the number of faculty who know about and are willing to require the application of secure programming in their classes (especially non-security classes). Integrate computer security into existing (non-security) courses in minimally invasive ways. Work with publishers and others to develop supplements to textbooks that provide examples that exhibit secure programming practices. In the future, work to get such examples into the textbooks themselves. Encourage the use of industry tools and technologies in the classroom and for projects. Among these are code analysis tools and source code control systems, as well as collaborative systems. Provide support for faculty and students to assess student programs and projects for robustness, especially to teach students how to assess their own, and others', programs. This can be done through a clinic, classroom instruction, or some other medium. Students should take a class in the basic principles and ideas of security, including important security issues, problems, and secure coding practices, and how those relate to principles. Summit on Education and Secure Software Final Report 16

SECURE AND TRUSTWORTHY CYBERSPACE (SaTC)

SECURE AND TRUSTWORTHY CYBERSPACE (SaTC) SECURE AND TRUSTWORTHY CYBERSPACE (SaTC) Overview The Secure and Trustworthy Cyberspace (SaTC) investment is aimed at building a cybersecure society and providing a strong competitive edge in the Nation

More information

Secure Programming: A Way of Life (or Death) Matt Bishop Computer Security Laboratory Dept. of Computer Science University of California at Davis

Secure Programming: A Way of Life (or Death) Matt Bishop Computer Security Laboratory Dept. of Computer Science University of California at Davis Secure Programming: A Way of Life (or Death) Matt Bishop Disclaimer ä All opinions expressed here are not necessarily those of the: ä ä Department of Computer Science ä University of California ä Any other

More information

Click to edit Master title style

Click to edit Master title style EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity

More information

Position Statement on English Language Arts Education Connecticut State Board of Education December 3, 2008

Position Statement on English Language Arts Education Connecticut State Board of Education December 3, 2008 Position Statement on English Language Arts Education Connecticut State Board of Education December 3, 2008 The Connecticut State Board of Education believes a high-quality, comprehensive prekindergarten-12

More information

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY CYBER HYGIENE AND ORGANIZATIONAL PLANNING ARE AT LEAST AS INTEGRAL TO SECURING INFORMATION NETWORKS AS FIREWALLS AND ANTIVIRUS SOFTWARE Cybersecurity

More information

CAL Online Resources: Digests

CAL Online Resources: Digests Partners in Pedagogy: Collaboration Between University and Secondary School Foreign Language Teachers October 1999 Lina Lee, University of New Hampshire One of the challenges facing many foreign language

More information

An Information Assurance and Security Curriculum Implementation

An Information Assurance and Security Curriculum Implementation Issues in Informing Science and Information Technology Volume 3, 2006 An Information Assurance and Security Curriculum Implementation Samuel P. Liles and Reza Kamali Purdue University Calumet, Hammond,

More information

Academic Program Review SUMMARY* Department under review: Computer Science. Date self-study received in Dean s office: November 21, 2013

Academic Program Review SUMMARY* Department under review: Computer Science. Date self-study received in Dean s office: November 21, 2013 Academic Program Review SUMMARY* Department under review: Computer Science Date self-study received in Dean s office: November 21, 2013 Date of external consultant s review: November 2013 Date APR received

More information

Security Education for the new Generation

Security Education for the new Generation Security Education for the new Generation SESSION SESSION ID: ID: MASH-W02 Wednesday, Feb 26, 9:20 AM @ WEST 3018 Jacob West Chief Technology Officer HP Enterprise Security Products Matt Bishop Professor

More information

Evaluation of degree programs. Self-Evaluation Framework

Evaluation of degree programs. Self-Evaluation Framework Evaluation of degree programs Self-Evaluation Framework COVER, December 2009 FOREWORD UNIL's approach to quality emphasizes procedures based on reflection that encourage the faculties and units concerned

More information

STUDENT LEARNING ASSESSMENT REPORT MS Cybersecurity

STUDENT LEARNING ASSESSMENT REPORT MS Cybersecurity STUDENT LEARNING ASSESSMENT REPORT MS Cybersecurity SUBMITTED BY: DIANE MURPHY DATE: OCTOBER 15, 2014 BRIEFLY DESCRIBE WHERE AND HOW ARE DATA AND DOCUMENTS USED TO GENERATE THIS REPORT BEING STORED: BLACKBOARD

More information

Crosswalk of the New Colorado Principal Standards (proposed by State Council on Educator Effectiveness) with the

Crosswalk of the New Colorado Principal Standards (proposed by State Council on Educator Effectiveness) with the Crosswalk of the New Colorado Principal Standards (proposed by State Council on Educator Effectiveness) with the Equivalent in the Performance Based Principal Licensure Standards (current principal standards)

More information

Creating Quality Developmental Education

Creating Quality Developmental Education ***Draft*** Creating Quality Developmental Education A Guide to the Top Ten Actions Community College Administrators Can Take to Improve Developmental Education Submitted to House Appropriations Subcommittee

More information

From http://smallbusiness.chron.com/difference-between-strategic-operational-objectives-24572.html

From http://smallbusiness.chron.com/difference-between-strategic-operational-objectives-24572.html From http://smallbusiness.chron.com/difference-between-strategic-operational-objectives-24572.html Strategic Objectives Strategic objectives are long-term organizational goals that help to convert a mission

More information

Masters Comprehensive Exam and Rubric (Rev. July 17, 2014)

Masters Comprehensive Exam and Rubric (Rev. July 17, 2014) 1 Educational Leadership & Policy Studies Masters Comprehensive Exam and Rubric (Rev. July 17, 2014) The comprehensive exam is intended as a final assessment of a student s ability to integrate important

More information

SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY

SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

Board of Commissioners

Board of Commissioners Board of Commissioners SELF-STUDY HANDBOOK CHAPTER TWO Guidelines for Conducting an Institutional Self-Study TABLE OF CONTENTS Introduction 1 Purpose of the Self-Study 1 Institutional Evaluation 1 Institutional

More information

AC 2011-1304: INTEGRATION OF HUMANITIES AND SOCIAL SCIENCES INTO CIVIL ENGINEERING EDUCATION

AC 2011-1304: INTEGRATION OF HUMANITIES AND SOCIAL SCIENCES INTO CIVIL ENGINEERING EDUCATION AC 2011-1304: INTEGRATION OF HUMANITIES AND SOCIAL SCIENCES INTO CIVIL ENGINEERING EDUCATION Jeffrey C. Evans, Bucknell University Jeffrey Evans is Professor and Chair of the Department of Civil and Environmental

More information

Task Force on Undergraduate Education Across the University. What the University Should Do Fall 2010

Task Force on Undergraduate Education Across the University. What the University Should Do Fall 2010 Task Force on Undergraduate Education Across the University What the University Should Do Fall 2010 In the interest of promoting higher education in the most important sense at Washington University, a

More information

Developing a Successful Security Awareness Training Program. Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc.

Developing a Successful Security Awareness Training Program. Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc. Developing a Successful Security Awareness Training Program Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc. Agenda The human element of cyber security Building your case Building

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

Cyber Learning Solutions

Cyber Learning Solutions Cyber Learning Solutions 2014 Extended Course Catalog Raytheon Cyber Solutions Inc. (RCSI) cyber-training@list.app.ray.com www.raytheon.com 1 Raytheon Cyber Learning Solutions 2014 Catalog CONTENTS The

More information

FREQUENTLY ASKED QUESTIONS on C Y B E R S E C U R I T Y. By IEEE USA s Committee on Communications Policy

FREQUENTLY ASKED QUESTIONS on C Y B E R S E C U R I T Y. By IEEE USA s Committee on Communications Policy FREQUENTLY ASKED QUESTIONS on C Y B E R S E C U R I T Y By IEEE USA s Committee on Communications Policy December 2011 This Frequently Asked Questions (FAQs) was prepared by IEEE-USA s Committee on Communications

More information

GRADUATE SCHOOL AND CONTINUING EDUCATION OFFICE OF THE DEAN

GRADUATE SCHOOL AND CONTINUING EDUCATION OFFICE OF THE DEAN GRADUATE SCHOOL AND CONTINUING EDUCATION OFFICE OF THE DEAN SUMMER SESSION 2015 POLICIES AND PROCEDURES Summer I: Tuesday, May 19, 2015 - Friday, June 26, 2015 Summer II: Monday, June 29, 2015 - Friday,

More information

California State University, Stanislaus Business Administration (MBA) ASSESSMENT REPORT 2008 09 and PLAN 2009 2010

California State University, Stanislaus Business Administration (MBA) ASSESSMENT REPORT 2008 09 and PLAN 2009 2010 California State University, Stanislaus Business Administration (MBA) ASSESSMENT REPORT 2008 09 and PLAN 2009 2010 I. OVERVIEW The MBA Program in the College of Business Administration reaffirms its commitment

More information

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity; NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will

More information

VENDOR MANAGEMENT. General Overview

VENDOR MANAGEMENT. General Overview VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor

More information

Teaching and Learning Strategy for UCL Computer Science. Stage 1: the narrative or vision

Teaching and Learning Strategy for UCL Computer Science. Stage 1: the narrative or vision LONDON S GLOBAL UNIVERSITY Teaching and Learning Strategy for UCL Computer Science Stage 1: the narrative or vision What does the department stand for? What does it want to achieve? What is it going to

More information

Cybersecurity: Mission integration to protect your assets

Cybersecurity: Mission integration to protect your assets Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions

More information

NICE and Framework Overview

NICE and Framework Overview NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to

More information

Developing an Open Educational Resource for Secure Software Development

Developing an Open Educational Resource for Secure Software Development Developing an Open Educational Resource for Secure Software Development Dr. Heather Richter Lipford Assistant Professor, Department of Software and Information Systems Dr. Bill Chu Chair, Department of

More information

Weldon School of Biomedical Engineering Continuous Improvement Guide

Weldon School of Biomedical Engineering Continuous Improvement Guide Weldon School of Biomedical Engineering Continuous Improvement Guide The intent of this document is to assist faculty, staff, students, and constituents of the Weldon School of Biomedical Engineering in

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Characteristics of Effective and Sustainable Teaching Development Programs for Quality Teaching in Higher Education

Characteristics of Effective and Sustainable Teaching Development Programs for Quality Teaching in Higher Education Characteristics of Effective and Sustainable Teaching Development Programs for Quality Teaching in Higher Education This presentation will address the following conference aim/question: What are the contextual

More information

Commission on Colleges Southern Association of Colleges and Schools. Best Practices For Electronically Offered Degree and Certificate Programs

Commission on Colleges Southern Association of Colleges and Schools. Best Practices For Electronically Offered Degree and Certificate Programs Commission on Colleges Southern Association of Colleges and Schools Best Practices For Overview to the Best Practices These Best Practices are divided into five separate components, each of which addresses

More information

Course Descriptions November 2014

Course Descriptions November 2014 Master of Science In Information Security Management Course Descriptions November 2014 Master of Science in Information Security Management The Master of Science in Information Security Management (MSISM)

More information

Curriculum and Instruction: A 21st Century Skills Implementation Guide

Curriculum and Instruction: A 21st Century Skills Implementation Guide Curriculum and Instruction: A 21st Century Skills Implementation Guide Produced by To succeed in college, career and life in the 21st century, students must be supported in mastering both content and skills.

More information

Training Guide #1: Strategic Planning

Training Guide #1: Strategic Planning Training Guide #1: Strategic Planning Where are we going? How will we get there? What is Strategic Planning? Strategic planning is the process of determining your program's long-term goals and identifying

More information

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency ENISA s Study on the Evolving Threat Landscape European Network and Information Security Agency Agenda Introduction to ENISA Preliminary remarks The ENISA report Major findings Conclusions 2 ENISA The

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

Since the 1990s, accountability in higher education has

Since the 1990s, accountability in higher education has The Balanced Scorecard Beyond Reports and Rankings More commonly used in the commercial sector, this approach to strategic assessment can be adapted to higher education. by Alice C. Stewart and Julie Carpenter-Hubin

More information

Information Technology Strategic Plan 2013

Information Technology Strategic Plan 2013 The primary mission of ITS is to provide high quality infrastructure, support, and innovation in the delivery of information technology products and services to continually advance UCSC s reputation as

More information

"Professional Programs in/and the Liberal Arts University January 25, 2010

Professional Programs in/and the Liberal Arts University January 25, 2010 Moderator: Michael R. Halleran, Provost "Professional Programs in/and the Liberal Arts University January 25, 2010 Panel: Pamela Eddy, Associate Professor of Education Bill Geary, Associate Professor of

More information

PRO-NET. A Publication of Building Professional Development Partnerships for Adult Educators Project. April 2001

PRO-NET. A Publication of Building Professional Development Partnerships for Adult Educators Project. April 2001 Management Competencies and Sample Indicators for the Improvement of Adult Education Programs A Publication of Building Professional Development Partnerships for Adult Educators Project PRO-NET April 2001

More information

The Accounting Education Change Commission Grant Experience: A Summary

The Accounting Education Change Commission Grant Experience: A Summary The Accounting Education Change Commission Grant Experience: A Summary Chapter 8 UNIVERSITY OF CHICAGO GRADUATE SCHOOL OF BUSINESS Type, Size and Mission of Accounting Program The Graduate School of Business

More information

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness

More information

Principal Practice Observation Tool

Principal Practice Observation Tool Principal Performance Review Office of School Quality Division of Teaching and Learning Principal Practice Observation Tool 2014-15 The was created as an evidence gathering tool to be used by evaluators

More information

CALIFORNIA S TEACHING PERFORMANCE EXPECTATIONS (TPE)

CALIFORNIA S TEACHING PERFORMANCE EXPECTATIONS (TPE) CALIFORNIA S TEACHING PERFORMANCE EXPECTATIONS (TPE) The Teaching Performance Expectations describe the set of knowledge, skills, and abilities that California expects of each candidate for a Multiple

More information

Delta Courses. *The College Classroom. The College Classroom: International Students, International Faculty. Diversity in the College Classroom

Delta Courses. *The College Classroom. The College Classroom: International Students, International Faculty. Diversity in the College Classroom COURSE CATALOG Contents Introduction... 3 Delta Courses... 4 The College Classroom... 4 The College Classroom: International Students, International Faculty... 4 Diversity in the College Classroom... 4

More information

BS Environmental Science (2013-2014)

BS Environmental Science (2013-2014) BS Environmental Science (2013-2014) Program Information Point of Contact Brian M. Morgan (brian.morgan@marshall.edu) Support for University and College Missions Marshall University is a multi-campus public

More information

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT Rok Bojanc ZZI d.o.o. rok.bojanc@zzi.si Abstract: The paper presents a mathematical model to improve our knowledge of information security and

More information

Certifications and Standards in Academia. Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute

Certifications and Standards in Academia. Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute Certifications and Standards in Academia Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute Accreditation What is it? Why is it important? How is it attained? The National Centers

More information

Industrial Engineering Definition of Tuning

Industrial Engineering Definition of Tuning Industrial Engineering Definition of Tuning Tuning is a faculty-led pilot project designed to define what students must know, understand, and be able to demonstrate after completing a degree in a specific

More information

Supporting the Implementation of NGSS through Research: Curriculum Materials

Supporting the Implementation of NGSS through Research: Curriculum Materials Supporting the Implementation of NGSS through Research: Curriculum Materials Janet Carlson, BSCS/Stanford University Elizabeth A. Davis, University of Michigan Cory Buxton, University of Georgia Curriculum

More information

ACT National Curriculum Survey 2012. Policy Implications on Preparing for Higher Standards. improve yourself

ACT National Curriculum Survey 2012. Policy Implications on Preparing for Higher Standards. improve yourself ACT National Curriculum Survey 2012 Policy Implications on Preparing for Higher Standards improve yourself ACT is an independent, not-for-profit organization that provides assessment, research, information,

More information

CYBERSPACE SECURITY CONTINUUM

CYBERSPACE SECURITY CONTINUUM CYBERSPACE SECURITY CONTINUUM A People, Processes, and Technology Approach to Meeting Cyber Security Challenges in the 21 st Century 1 InterAgency Board 1550 Crystal Drive Suite 601, Arlington VA 22202

More information

Keynote Speech. Beth Dugan Deputy Comptroller for Operational Risk. The Clearing House s First Operational Risk Colloquium

Keynote Speech. Beth Dugan Deputy Comptroller for Operational Risk. The Clearing House s First Operational Risk Colloquium Keynote Speech by Beth Dugan Deputy Comptroller for Operational Risk at The Clearing House s First Operational Risk Colloquium February 11, 2015 Washington, D.C. Thank you. It s an honor to be invited

More information

90% of data breaches are caused by software vulnerabilities.

90% of data breaches are caused by software vulnerabilities. 90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with

More information

Cybersecurity Awareness for Executives

Cybersecurity Awareness for Executives SESSION ID: SOP-R04 Cybersecurity Awareness for Executives Rob Sloan Head of Cyber Content and Data Dow Jones @_rob_sloan Session Overview Aim: Provide a high level overview of an effective cybersecurity

More information

ADEPT Performance Standards. for. Classroom-Based Teachers

ADEPT Performance Standards. for. Classroom-Based Teachers ADEPT Performance Standards for Classroom-Based Teachers Revised ADEPT Performance Standards for Classroom-Based Teachers Introduction Central to the ADEPT system is a set of expectations for what teaching

More information

Approaches to learning (ATL) across the IB continuum

Approaches to learning (ATL) across the IB continuum Approaches to learning (ATL) across the IB continuum Through approaches to learning in IB programmes, students develop skills that have relevance across the curriculum that help them learn how to learn.

More information

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be! I D C T E C H N O L O G Y S P O T L I G H T S e r ve r S e c u rity: N o t W h a t It U s e d t o Be! December 2014 Adapted from Worldwide Endpoint Security 2013 2017 Forecast and 2012 Vendor Shares by

More information

future data and infrastructure

future data and infrastructure White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal

More information

Information Technology Strategic Plan 2014-2017

Information Technology Strategic Plan 2014-2017 Information Technology Strategic Plan 2014-2017 Leveraging information technology to create a competitive advantage for UW-Green Bay Approved December 2013 (Effective January 2014 December 2017) Contents

More information

SUSTAINABILITY. Goal: Sustain environmental literacy by ensuring effective implementation of the 2010 Environmental Literacy for Illinois Plan.

SUSTAINABILITY. Goal: Sustain environmental literacy by ensuring effective implementation of the 2010 Environmental Literacy for Illinois Plan. SUSTAINABILITY Goal: Sustain environmental literacy by ensuring effective implementation of the 2010 Environmental Literacy for Illinois Plan. Objectives: 1. Develop an educated populace that will preserve,

More information

EDUC 605 Curriculum Development and Assessment.. 3 cr

EDUC 605 Curriculum Development and Assessment.. 3 cr MASTER OF ARTS IN EDUCATION The Master of Arts in Education degree program combines online learning with practical and applied learning in the classroom. The master s candidate must earn and successfully

More information

Online Course Self-Assessment Form

Online Course Self-Assessment Form Online courses are approved by the University of California in two steps: Online Course Self-Assessment Form 1. Assessment against International Association for K-12 Online Learning (inacol) course standards.

More information

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013 2013 PASTA Abstract Process for Attack S imulation & Threat Assessment Abstract VerSprite, LLC Copyright 2013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information

Course Guide Masters of Education Program

Course Guide Masters of Education Program Course Guide Masters of Education Program Note: 1 course = (3) credits Students need 12 credits (4 courses) to obtain Graduate Diploma Students need 30 credits (10 courses) to obtain M.Ed. or M.A Graduate

More information

Standard 2: The program shall have an explicit philosophical statement and clearly defined knowledge base.

Standard 2: The program shall have an explicit philosophical statement and clearly defined knowledge base. Council for Standards in Human Service Education National Standards MASTER S DEGREE IN HUMAN SERVICES http://www.cshse.org 2013 (2010, 2009) I. GENERALPROGRAM CHARACTERISTICS A. Institutional Requirements

More information

Renewing our Commitment to Undergraduate Education

Renewing our Commitment to Undergraduate Education University of Wisconsin-Milwaukee Quality Initiative Proposal Renewing our Commitment to Undergraduate Education Submitted to the Higher Learning Commission of the North Central Association of Colleges

More information

Internet Applications and Web Development

Internet Applications and Web Development Internet Applications and Web Development Fundamentals Program Standard The approved program standard for the Internet Applications and Web Development Fundamentals program of instruction leading to an

More information

The Computerworld Honors Program

The Computerworld Honors Program The Computerworld Honors Program Honoring those who use Information Technology to benefit society Year: 2013 Final Copy of Case Study Status: Laureate Organization Name: Cyber Defence Challenge Organization

More information

Teaching Game Development: At the Intersection of Computer Science and Humanities & Arts

Teaching Game Development: At the Intersection of Computer Science and Humanities & Arts Teaching Game Development: At the Intersection of Computer Science and Humanities & Arts David Finkel, Mark Claypool, Michael A. Gennert Department of Computer Science Fred Bianchi, Dean O Donnell, Patrick

More information

Doctor of Education - Higher Education

Doctor of Education - Higher Education 1 Doctor of Education - Higher Education The University of Liverpool s Doctor of Education - Higher Education (EdD) is a professional doctoral programme focused on the latest practice, research, and leadership

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

DEVELOPING AN EFFECTIVE INTERNAL AUDIT TECHNOLOGY STRATEGY

DEVELOPING AN EFFECTIVE INTERNAL AUDIT TECHNOLOGY STRATEGY DEVELOPING AN EFFECTIVE INTERNAL AUDIT TECHNOLOGY STRATEGY SEPTEMBER 2012 DISCLAIMER Copyright 2012 by The Institute of Internal Auditors (IIA) located at 247 Maitland Ave., Altamonte Springs, Fla., 32701,

More information

Evaluation of Undergraduate Academic Programs. Self-Study Guidelines

Evaluation of Undergraduate Academic Programs. Self-Study Guidelines Evaluation of Undergraduate Academic Programs Self-Study Guidelines Office of the Provost Fall 2009 Purpose This guide is designed to support academic unit efforts to evaluate undergraduate academic programs

More information

CyberNEXS Global Services

CyberNEXS Global Services CyberNEXS Global Services CYBERSECURITY A cyber training, exercising, competition and certification product for maximizing the cyber skills of your workforce The Cyber Network EXercise System CyberNEXS

More information

A Detailed Strategy for Managing Corporation Cyber War Security

A Detailed Strategy for Managing Corporation Cyber War Security A Detailed Strategy for Managing Corporation Cyber War Security Walid Al-Ahmad Department of Computer Science, Gulf University for Science & Technology Kuwait alahmed.w@gust.edu.kw ABSTRACT Modern corporations

More information

Priority III: A National Cyberspace Security Awareness and Training Program

Priority III: A National Cyberspace Security Awareness and Training Program Priority III: A National Cyberspace Security Awareness and Training Program Everyone who relies on part of cyberspace is encouraged to help secure the part of cyberspace that they can influence or control.

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

Pamplin College of Business Strategic Plan 2014-2019

Pamplin College of Business Strategic Plan 2014-2019 Pamplin College of Business Strategic Plan 2014-2019 Adopted: 5-13-2014 Revised: 7-3-2014 1. Introduction Pamplin is a nationally recognized, integral part of Virginia Tech the premier research university

More information

Master s in Educational Leadership Ed.S. in Administration and Supervision

Master s in Educational Leadership Ed.S. in Administration and Supervision Master s in Educational Leadership Ed.S. in Administration and Supervision Austin Peay State University Professional Educational Standards, TILS Standards, and NCATE Standards Austin Peay State University

More information

Cyber Defense Operations Graduate Certificate

Cyber Defense Operations Graduate Certificate The SANS Technology Institute makes shorter groups of courses available to students who are unable to commit to a full master s degree program. These certificate programs will augment your skills, provide

More information

A New Undergraduate Major: Interactive Media and Game Development

A New Undergraduate Major: Interactive Media and Game Development A New Undergraduate Major: Interactive Media and Game Development David Finkel, Mark Claypool, Michael A. Gennert Department of Computer Science Fred Bianchi, Dean O Donnell, Patrick Quinn Department of

More information

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/ An Integrated CyberSecurity Approach for HEP Grids Workshop Report http://hpcrd.lbl.gov/hepcybersecurity/ 1. Introduction The CMS and ATLAS experiments at the Large Hadron Collider (LHC) being built at

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

CTL Online Workshop Program Referral Resource Sheet

CTL Online Workshop Program Referral Resource Sheet ACADEMIC POLICIES THAT CAN AFFECT YOU AS A UMUC FACULTY MEMBER Familiarizes faculty with UMUC Academic Policies and their effect on faculty responsibilities and expectations for students Intended for all

More information

Course Guide Masters of Education Program (UOIT)

Course Guide Masters of Education Program (UOIT) Course Guide Masters of Education Program (UOIT) Note: 1 course = 3 credits Students need 12 credits (4 courses) to obtain Graduate Diploma Students need 30 credits (10 courses) to obtain M.Ed. Or M.A

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

A Self and Peer Assessment Intervention in Mathematics Content Courses for Pre-Service Elementary School Teachers Xin Ma, Richard Millman, Matt Wells

A Self and Peer Assessment Intervention in Mathematics Content Courses for Pre-Service Elementary School Teachers Xin Ma, Richard Millman, Matt Wells A Self and Peer Assessment Intervention in Mathematics Content Courses for Pre-Service Elementary School Teachers Xin Ma, Richard Millman, Matt Wells University of Kentucky Introduction We explored in

More information

EXPLORING THE CONTOURS OF THE FREEDOM TO TEACH. Lawrence S. Bacow Nancy Kopans Randal C. Picker

EXPLORING THE CONTOURS OF THE FREEDOM TO TEACH. Lawrence S. Bacow Nancy Kopans Randal C. Picker EXPLORING THE CONTOURS OF THE FREEDOM TO TEACH Lawrence S. Bacow Nancy Kopans Randal C. Picker Ithaka S+R is a strategic consulting and research service provided by ITHAKA, a not-for-profit organization

More information

A Collaborative Professional Development Approach to Improving Student Outcomes

A Collaborative Professional Development Approach to Improving Student Outcomes A Collaborative Professional Development Approach to Improving Student Outcomes Jillian Starman, Starman Consulting Ann Larson, University of Louisville Eve Proffitt, University of Kentucky, P-20 Innovation

More information

EXECUTIVE MASTER IN. Increasing corporate value in today s complex digital world through reputation management and communication with stakeholders.

EXECUTIVE MASTER IN. Increasing corporate value in today s complex digital world through reputation management and communication with stakeholders. EXECUTIVE MASTER IN CORPORATE COMMUNICATION Increasing corporate value in today s complex digital world through reputation management and communication with stakeholders. COURSE DESCRIPTION At a Glance

More information

Chairman Johnson, Ranking Member Carper, and Members of the committee:

Chairman Johnson, Ranking Member Carper, and Members of the committee: UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

More information

Master of Science in Early Childhood Education Singapore, 2005 2006

Master of Science in Early Childhood Education Singapore, 2005 2006 Master of Science in Early Childhood Education Singapore, 2005 2006 Offered by RTRC Asia in Collaboration with Wheelock College s Center for International Education, Leadership, and Innovation Background

More information

TUSKEGEE CYBER SECURITY PATH FORWARD

TUSKEGEE CYBER SECURITY PATH FORWARD TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,

More information

developing your potential Cyber Security Training

developing your potential Cyber Security Training developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company

More information